Ah, yes, let’s not forget to add the biggest Quod Non of the decade to our list of subjects for the redevelopment of information security / information risk management / risk management / management of risks / management ‘book’ forthcoming.
Indeed, three lines of ‘defense’ will be in. As well as the extension to five lines of defense. Which will all not work, and will all just add to the culpability of those proposing them, as they must know better or declare their incompetence at an even broader scale and abstraction layer.
Because, and here I repeat myself, and many others, how can something help defend when it’s not between a threat and a vulnerability ..!?
Because I already discussed this in the past (way back, couple of months ago (final one)), and will discuss in all detail in the overall Book (white paper) on the above subjects, I’ll leave it here. For the believers in the idea: Full speed ahead into the blind alley …!